SUSE CVE-2024-30261

🗓️ 11 Apr 2024 02:30:44Reported by Suse CVEType

CVE-2024-30261 in Undici allows altering the integrity option in fetch(), making tampered requests appear valid; fixed in versions 5.28.4 and 6.11.1.

Reporter	Title	Published	Views	Family All 70
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js	17 Sep 202422:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality due to [CVE-2024-30260] [CVE-2024-30261]	23 Apr 202414:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote authenticated attacker (CVE-2024-30260, CVE-2024-30261)	21 Jun 202415:18	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	14 Aug 202409:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass security restriction due to Node.js undici module ( CVE-2024-30261, CVE-2024-30260 )	8 Aug 202415:45	–	ibm
Tenable Nessus	Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-594)	29 Apr 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-694)	6 Aug 202400:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30261)	10 Feb 202500:00	–	nessus
Tenable Nessus	Fedora 38 : nodejs-undici (2024-6d9c1da54f)	12 Apr 202400:00	–	nessus
Tenable Nessus	Fedora 40 : nodejs-undici (2024-a5dc987f91)	29 Apr 202400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
SUSE Linux Enterprise Server	15.7	any	corepack16	16.20.2-150400.3.36.1	corepack16-16.20.2-150400.3.36.1.noarch.rpm
OpenSUSE Leap	15.5	any	corepack18	18.20.1-150400.9.21.3	corepack18-18.20.1-150400.9.21.3.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	corepack18	18.20.1-150400.9.21.3	corepack18-18.20.1-150400.9.21.3.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	corepack18	18.20.1-150400.9.21.3	corepack18-18.20.1-150400.9.21.3.noarch.rpm
OpenSUSE Leap	15.5	any	corepack20	20.12.1-150500.11.9.2	corepack20-20.12.1-150500.11.9.2.noarch.rpm
OpenSUSE Tumbleweed	–	any	nodejs-electron	28.2.10-3.1	nodejs-electron-28.2.10-3.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	nodejs-electron-devel	28.2.10-3.1	nodejs-electron-devel-28.2.10-3.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	nodejs-electron-doc	28.2.10-3.1	nodejs-electron-doc-28.2.10-3.1.noarch.rpm
SUSE Linux Enterprise Server	15.4	any	nodejs16	16.20.2-150400.3.36.1	nodejs16-16.20.2-150400.3.36.1.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	nodejs16	16.20.2-150400.3.36.1	nodejs16-16.20.2-150400.3.36.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2024-30261
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1222603
lists	www.lists.suse.com/pipermail/sle-updates/2024-April/034986.html
lists	www.lists.suse.com/pipermail/sle-updates/2024-April/034991.html
lists	www.lists.suse.com/pipermail/sle-updates/2024-April/034989.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2024-May/018620.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2024-May/018619.html

13 Dec 2025 00:47Current

9.3High risk

Vulners AI Score9.3

CVSS 3.13.1

EPSS0.00803